CSO Online

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...
Boing Boing on MSNOpinion

Security researcher tears apart White House app and finds a tracking and security nightmare

A security researcher who decompiled the White House's new mobile app says it contains hidden GPS-tracking capabilities, weak ...

A Security Researcher Decompiled The White House App, & What They Found Is Pretty Alarming

Recently, The White House launched its own official app on iOS and Android, claiming that it gives users "unparalleled access ...
InfoQ

GitHub Enhances CodeQL with Declarative Security Modeling for Faster, More Flexible Analysis

GitHub has introduced a significant update to its CodeQL engine, enabling developers to define custom sanitizers and ...

Backdoored PyTorch Lightning package drops credential stealer

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a ...

The never-ending supply chain attacks worm into SAP npm packages, other dev tools

The wave of supply chain attacks aimed at security and developer tools has washed up more victims, namely SAP and Intercom ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
The Hacker News

EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

GitHub facades and Ethereum smart contracts power a March 2026 admin-targeted campaign, enabling resilient C2 rotation and ...
InfoWorld

SAP npm package attack highlights risks in developer tools and CI/CD pipelines

Researchers say the campaign targeted developer credentials and cloud secrets while abusing trusted publishing and AI coding ...

Official SAP npm packages compromised to steal credentials

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...

"GitHub is failing me, every single day, and it is personal": After Xbox and Windows, now GITHUB is in crisis — Microsoft, what are you doing?

One of GitHub's most staple contributors announced they are abandoning ship due to constant outages. GitHub's COO responds, ...
InfoWorld

The best JavaScript certifications for getting hired

Earn these JavaScript certs to demonstrate mastery of the most in-demand skills for the world’s most-used programming ...